very low frequency tech postings - security/ICMP3_cisco_insecurity.writeback
home blog feed eyes info
code [12]
dect [4]
hard [8]
meta [5]
security [5]
Sat, 05 Aug 2006
ICMP3, and cisco insecurityI am at ICMP3 a nice hacker's event meeting nice people and having fun with lots of HW and SW. I will give a speech tomorrow, for which I still have to prepare some slides.
I was assuming I can find a lot of VoIP/SIP HW here to play around with, but I was a little bit disappointed not to find too much. I had prepared a piece of SW to stress VoIP phones (later there will be more on this), I also had success on all of them (as in crashing them).
The only exception is a Cisco 7905 SIP phone, where I couldn't even get to the point of attacking the SIP stack or codecs. The market leader in IP networking HW has implemented a remote reboot procedure:
# arpspoof 194.150.169.59 44:44:44:44:44:44 ff:ff:ff:ff:ff:ff 0806 42: arp reply 194.150.169.59 is-at 44:44:44:44:44:44
Sigh. I need that command to run my stress test SW. Model and version are:
CP-7905G App Load ID CP7905080000SIP060111A Boot Load ID LD0100BOOT021112A
writebacks...
comment...